oaktrees
asked on
Win10 1Tb SSD: No TPM --> No BitLocker. How to Encrypt?
No TPM. Win 10Pro Asus machine. Drive is 1Tb SSD. Lots of files. BitLocker won't work as no TMP. What would be the easiest and most robust way to encrypt my drive? Focus on easy, please. :P :))
McKnife
https://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/ tells you how to do it without a TPM.
ASKER
Hi McKnife!
Yeah, saw that aleready. Seems like it may cause complications. There's this line at the end of the article:
When your PC boots, you’ll have to either enter the password or insert the USB flash drive you provided. If you can’t provide the password or USB drive, BitLocker won’t be able to decrypt your drive and you won’t be able to boot into your Windows system and access your files.
What with Windows updates and/or Ghost recoverys, seems like, with that at the doorway, there'd be a lot of chance for one to get locked out of one's own system.
Anything more seamless?
Thanks!
OT
Yeah, saw that aleready. Seems like it may cause complications. There's this line at the end of the article:
When your PC boots, you’ll have to either enter the password or insert the USB flash drive you provided. If you can’t provide the password or USB drive, BitLocker won’t be able to decrypt your drive and you won’t be able to boot into your Windows system and access your files.
What with Windows updates and/or Ghost recoverys, seems like, with that at the doorway, there'd be a lot of chance for one to get locked out of one's own system.
Anything more seamless?
Thanks!
OT
That is as seamless as it gets. The line at the end, what complications do you see? Sure, you lose that password, you have a problem, but that is why we have
A backups
B the recovery key printed and/or saved at a secure location.
Ghost recovery - totally different topic. If you are worried how to restore an image of an encrypted windows (bitlocked, or whatever encryption), please ask another question.
A backups
B the recovery key printed and/or saved at a secure location.
Ghost recovery - totally different topic. If you are worried how to restore an image of an encrypted windows (bitlocked, or whatever encryption), please ask another question.
No disagreement with McKnife's good comments, but want to add to them.
I think you need to consider what is expected with Bitlocker or any other encryption. If it can be accessed without anything unique (such as password or TPM), what will stop it from being accessed in another computer? Without TPM, you can't count on your computer to have a unique signature that can't be forged. The solution for that is to provide a password. TPM effectively replaces the password as it provides unique keys.
What are you thinking will secure your system if you don't have TPM or a password?
I think you need to consider what is expected with Bitlocker or any other encryption. If it can be accessed without anything unique (such as password or TPM), what will stop it from being accessed in another computer? Without TPM, you can't count on your computer to have a unique signature that can't be forged. The solution for that is to provide a password. TPM effectively replaces the password as it provides unique keys.
What are you thinking will secure your system if you don't have TPM or a password?
ASKER
Hi,
Here's what I'm thinking: I automatically backup each day or so via Ghost or rather...Veritas, as Ghost was actually spun off from Norton - if you can believe that!
So, running that Ghost copy each day, it's just an image. Seems like there SHOULD be no problems, and Ghost/Veritas even says "If you've activated Bitlicker on the drive your recoveries will STILL Work." Somehow, that seems to be for a as-designed Bitlocker. I can see this workaround will run bitlocker on the drive. Just worried that it will catch up if I need to recover from a Ghosted image.
In "theory" it should work. But...
So, here's my next thought - a self-encrypted drive. Should I post as a separate question? Here's what I'm curious about. If I'm using a self-encrypted drive, I'm good to go from the start. Am I right?
Here's my goal: if I lose my notebook, don't want folks to be able to get past the Windows basic password and get to the files.
Here's what I'm thinking: I automatically backup each day or so via Ghost or rather...Veritas, as Ghost was actually spun off from Norton - if you can believe that!
So, running that Ghost copy each day, it's just an image. Seems like there SHOULD be no problems, and Ghost/Veritas even says "If you've activated Bitlicker on the drive your recoveries will STILL Work." Somehow, that seems to be for a as-designed Bitlocker. I can see this workaround will run bitlocker on the drive. Just worried that it will catch up if I need to recover from a Ghosted image.
In "theory" it should work. But...
So, here's my next thought - a self-encrypted drive. Should I post as a separate question? Here's what I'm curious about. If I'm using a self-encrypted drive, I'm good to go from the start. Am I right?
Here's my goal: if I lose my notebook, don't want folks to be able to get past the Windows basic password and get to the files.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Self encrypting drives can be used, why not, if you already have one. But these can be problematic as well, see this thread https://social.technet.microsoft.com/Forums/en-US/a4bffc66-fa20-4539-aab6-d5e964e5b17e/bitlocker-recovery-key-prompt-issue-in-windows-10?forum=win10itprosecurity
ASKER
Yipes! Scary on the SED. Thanks again for all the help.